EUVD-2020-23338

Malware in sbrugna...

CVE-2009-5158

The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text...

CVE-2025-46827 Graylog Allows Session Takeover via Insufficient HTML Sanitization

Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with...

Multiple Microsoft web applications crossite scripting

Insufficient HTML sanitization...

osCommerce 2.12.2 - Checkout_Payment.php Error Output Cross-Site Scripting

osCommerce 2.12.2 - CheckoutPayment.php Error Output Cross-Site Scripting source: https://www.securityfocus.com/bid/7155/info Error output is not sufficiently sanitized of HTML and script code by osCommerce. This may allow for cross-site scripting attacks as remote users could create a malicious...

FormMail-Clone - Cross-Site Scripting

FormMail-Clone - Cross-Site Scripting source: https://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious...

PHP-Nuke 6.0 - Web Mail Script Injection

PHP-Nuke 6.0 - Web Mail Script Injection source: https://www.securityfocus.com/bid/6400/info A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an...